Asylum seekers across Australia are lodging court appeals following the inadvertent disclosure of almost 10,000 asylum seekers’ personal details, claiming the breach has exposed them to persecution from authorities in their home countries and therefore they are entitled to automatic protection.

Guardian Australia revealed in February that the names, dates of birth, countries of origin, arrival date and location of every asylum seeker in a mainland detention facility was accidentally published on the Immigration Department’s website.

A letter, which detainees say has been signed by more than 50 asylum seekers in Villawood detention centre in western Sydney, also alleges that Immigration Department staff have intimidated asylum seekers who have indicated they will lodge claims, and are inviting “vulnerable” detainees to waive their privacy rights.

Dr John Sweeney, the head of research at the Edmund Rice Centre, one of the groups involved in the action, said he had met a group of detainees at Villawood on Friday. He said the detainees confirmed they had been asked to sign a form absolving the department of all responsibility for any harm inflicted if they were returned, as a result of the data breach.

One Villawood detainee has signed a statutory declaration to confirm they were asked to do this.

“They are effectively being asked to sign away a fundamental human right,” Sweeney said, “These rights are inalienable and so even if a form has been signed, it is an illegal document.

A spokeswoman for the minister for immigration and border protection Scott Morrison said in a statement: “There has been no attempt to seek permission from asylum seekers to release their private details publicly.

“I am advised that the department is putting in place arrangements to notify those who may have been affected by the data breach.

“All staff working in detention facilities are required to act with professionalism when dealing with asylum seekers.”

The detainees’ letter says: “Please imagine what we feel, what we fear after this leakage of our personal information by people who promised to protect us guaranteeing our safety and privacy. Please imagine the anxiety and stress building inside us. Please imagine the fear we feel for our families in our home countries. And this is all that we have to experience on top of struggles we already are going through.”

The letter continues: “Numerous vulnerable of us [sic] were called to immigration interview rooms at Villawood IDC to sign consents to authorise DIBP [Department of Immigration and Border Protection] to release our personal and confidential information to public.”

Asylum seekers in New South Wales, Western Australia and the Northern Territory have lodged claims, and many more are expected to follow. They include people from Sri Lanka, Pakistan, Vietnam, Nepal and Bangladesh.

Guardian Australia understands 35 applications have been lodged from Villawood detention centre, 45 from Curtin and 10 from Yongah Hill, both in WA.

Some of the claims, which are being lodged in the federal circuit court, are last-ditch attempts to gain protection from asylum seekers who have been “screened out” by the Immigration Department and are awaiting removal.

“Anyone who was in detention in January when the database leak happened is potentially eligible for a federal court action that is being taken,” said the Refugee Action Coalition’s Ian Rintoul, who added that a directions hearing was scheduled for 19 March in NSW.

It is understood the action involves a number of groups around Australia including the Edmund Rice Centre, a research and advocacy group.

“It is irresponsible to think that these people could be returned. The government itself says this data breach was a huge mistake,” said Edmund Rice Centre’s director, Phil Glendenning. “We have an obligation to make to ensure their safety and I am also worried about their families we have a legal and moral obligation to protect as well.”

“When mistakes like this are made, people die,” he said.

Guardian Australia has seen a copy of the court application individuals have lodged.

“It is a fundamental principle of refugee law that a person seeking asylum should be free to make their protection claims free of disclosure of their identity and other details to the authorities in the applicants home country,” a section reads.

When the privacy breach, the largest in Australian history, was first reported, experts in refugee law predicted that a swath of individual legal actions would arise.